How to be compliant with the new regulations
Just over a year ago, the European Union announced the General Data Protection Regulation—also known as the GDPR. It’s fast become a buzzword, but so many of us still don’t get what the buzz is all about. What is it? How does it affect you? Are you compliant? What happens if you’re not? We’re here to answer all of your burning questions—of course, a friendly reminder that we’re not lawyers (wait, what?!). Yeah, we’re just versed in the GDPR because, well, we build websites every day. So, if you’re nervous about the legal side of things, invest in a GDPR-savvy lawyer to inform yourself. In the meantime, here are the basics.
What is the GDPR?
In short, it’s a regulation the European Union rolled out on May 25, 2018 about data protection and privacy for all citizens of the European Union and European Economic Area (for simplicity’s sake, we’ll refer to them as Europeans). We know it all sounds so boring, but it was created because really un-boring things were happening.
Does it affect me?
We know what you’re thinking: You’re in the clear. You don’t live in Europe, so you don’t have to worry about the GDPR, right? Unfortunately, that’s not the case. Here’s the catch: Any company, anywhere in the world, that markets products or services to Europeans is subject to GDPR.
Just like espresso, the GDPR has gone from European origin to global infiltration—but, unlike espresso, people aren’t sure if that’s a good thing. We like to think it’s neither good nor bad, just a necessity. If you run a business that sells products or services to Europeans (whether it’s e-books or real books), you’ve got to comply with the regulations.
What does it mean to be compliant?
Essentially, being compliant means not being shady about collecting personal data or how you’re using that personal data. At a minimum, your website should include:
Terms & Conditions
This is your contract with your site visitors that’s typically linked from the footer of your website.
Cookies Policy & Permission
We’re not talking chocolate chip cookies. Cookies collect information on your site visitors, so you’ve got to share your policy and ask for their consent, typically through a pop-up.
Consent for Data Collection
Any time you ask for user data, like through a newsletter sign-up form, you’ve got to ask for their consent.
In addition to adding these features to your website, you’ve got to be compliant when users ask for specific information, including:
The flip side of asking your user for data? They can ask you for theirs. Under the GDPR, a user can file a subject access request at no charge to access their personal information.
Like export requests, at any given time, a user can request the erasure of their personal data from your database—and you must comply.
Consequences of Non-Compliance
Don’t feel like complying? Sure, you may get off with a warning—but you may be subject to an audit or even hefty fines. We don’t tell you this to freak you out, because it’s surprisingly easy to follow the regulations—like requiring consent to collect data and providing data-breach notifications. No brainers, really.
The GDPR’s regulations are intended to protect Europeans from compromised data (like your credit card digits) and shady disclosure. So, let’s not get too judgy. After all, Canada may just follow in their footsteps soon. So, let’s embrace the GDPR, and get educated and get compliant.